PT-2007-2103 · Apple · Appkit+1

Published

2007-02-01

Updated

2008-09-05

CVE-2007-0647

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Help Viewer version 3.0.0

Description The issue allows remote user-assisted attackers to cause a denial of service, resulting in a crash. This occurs when format string specifiers are included in a filename and not properly handled when calling the NSBeginAlertSheet function from the Apple AppKit.

Recommendations For Help Viewer version 3.0.0, consider restricting the handling of filenames with format string specifiers to prevent the denial of service. As a temporary workaround, avoid using filenames that include format string specifiers until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0647

Affected Products

Appkit

Help Viewer

PT-2007-2103 · Apple · Appkit+1

CVE-2007-0647

Related Identifiers

Affected Products

References · 5